topic Re: Configuring :NAT/PAT and IP inspect in Network Security https://community.cisco.com/t5/network-security/configuring-nat-pat-and-ip-inspect/m-p/1265260#M859007 <HTML><HEAD></HEAD><BODY><P>The IP inspect uses CBAC which works the same way as SPI function on a regular firewall. There are 3 steps.</P><P></P><P>1. configure NAT/PAT (which you have done)</P><P>2. Allow the required traffic outbound (ACL)</P><P>3. Create the IP inspect rules and apply them to the interface. The IP inspect rules should contain the traffic that should be permitted back in (replies to outbound requests) even though the ACL denies</P><P></P><P>** Creating INSPECT ***</P><P></P><P>ip inspect name MYTRAFFIC ftp </P><P>ip inspect name MYTRAFFIC http </P><P>ip inspect name MYTRAFFIC https</P><P></P><P>** Applying to interface **</P><P></P><P>On the interface you wish to permit the traffic</P><P></P><P>ip inspect MYTRAFFIC out </P><P></P></BODY></HTML> Wed, 01 Jul 2009 14:30:49 GMT networker99 2009-07-01T14:30:49Z Configuring :NAT/PAT and IP inspect https://community.cisco.com/t5/network-security/configuring-nat-pat-and-ip-inspect/m-p/1265259#M859006 <P>Hi,</P><P>We have configured 1800 ISR to access internet using and NAT ( actually PAT ) and overload feature.</P><P>SImple mode fa0/0 is inside interface and fa0/1 is outside interface. </P><P>We need to apply ip inspect and enable IOS firewall as a security feature.</P><P>How do we apply IP inspect rules for the traffic that is being NATed or we need just to apply it.</P><P>Please share experience of configuring ip inspection with NAT/PAT.</P><P>any configuration link on cisco.com?</P><P>Thanks in advance.</P><P>Subodh</P> Mon, 11 Mar 2019 15:49:44 GMT https://community.cisco.com/t5/network-security/configuring-nat-pat-and-ip-inspect/m-p/1265259#M859006 bapatsubodh 2019-03-11T15:49:44Z Re: Configuring :NAT/PAT and IP inspect https://community.cisco.com/t5/network-security/configuring-nat-pat-and-ip-inspect/m-p/1265260#M859007 <HTML><HEAD></HEAD><BODY><P>The IP inspect uses CBAC which works the same way as SPI function on a regular firewall. There are 3 steps.</P><P></P><P>1. configure NAT/PAT (which you have done)</P><P>2. Allow the required traffic outbound (ACL)</P><P>3. Create the IP inspect rules and apply them to the interface. The IP inspect rules should contain the traffic that should be permitted back in (replies to outbound requests) even though the ACL denies</P><P></P><P>** Creating INSPECT ***</P><P></P><P>ip inspect name MYTRAFFIC ftp </P><P>ip inspect name MYTRAFFIC http </P><P>ip inspect name MYTRAFFIC https</P><P></P><P>** Applying to interface **</P><P></P><P>On the interface you wish to permit the traffic</P><P></P><P>ip inspect MYTRAFFIC out </P><P></P></BODY></HTML> Wed, 01 Jul 2009 14:30:49 GMT https://community.cisco.com/t5/network-security/configuring-nat-pat-and-ip-inspect/m-p/1265260#M859007 networker99 2009-07-01T14:30:49Z